On Tue, 17 Feb 2009, Curt Hauge wrote:
> I am trying to bring a server into PCI compliance and I have two issues
> with TCP port 7786 minivend.
Most people use the UNIX socket listener and vlink CGI. If you're not
using the TCP listener on port 7786, you can just turn it off. Or at the
very least, firewall it so the outside world can't get to it.
> [start Kevin]
> To get both UNIX and Inet modes, add the following to your
> interchange.cfg file:
>> Unix_Mode Yes
> Inet_Mode Yes
>> TcpHost 127.0.0.1
> TcpMap 7786 -
>> Restart Interchange after modifying your interchange.cfg file.
>> There's not always a point in running Interchange in both UNIX and Inet
> modes. Pick one or the other, unless you really do need both for some
> reason.
>> [end Kevin]
>> Maybe I should just comment that out?
Yep. You can set Inet_Mode No and remove the TcpHost and TcpMap settings.
The point of the audit should still be respected, though: If you're
running an old version of Interchange, there could be security
vulnerabilities you should fix by upgrading. And in any case, your
catalog's custom HTML could have XSS vulnerabilities you should fix.
Jon
--
Jon Jensen
End Point Corporation
http://www.endpoint.com/